diff options
author | Matthew Heon <mheon@redhat.com> | 2020-12-02 15:01:46 -0500 |
---|---|---|
committer | Matthew Heon <mheon@redhat.com> | 2020-12-04 13:49:56 -0500 |
commit | 95c45773d7dbca2880152de681c81f0a2afec99b (patch) | |
tree | 501d62aa9508c19ca5a7912648bded52419d3ace /pkg | |
parent | ce45b71dcfe7e5e0fd7ab43b9eeb4834317e6443 (diff) | |
download | podman-95c45773d7dbca2880152de681c81f0a2afec99b.tar.gz podman-95c45773d7dbca2880152de681c81f0a2afec99b.tar.bz2 podman-95c45773d7dbca2880152de681c81f0a2afec99b.zip |
Do not mount sysfs as rootless in more cases
We can't mount sysfs as rootless unless we manage the network
namespace. Problem: slirp4netns is now creating and managing a
network namespace separate from the OCI runtime, so we can't
mount sysfs in many circumstances. The `crun` OCI runtime will
automatically handle this by falling back to a bind mount, but
`runc` will not, so we didn't notice until RHEL gating tests ran
on the new branch.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/specgen/generate/oci.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go index 8454458a8..9649873fd 100644 --- a/pkg/specgen/generate/oci.go +++ b/pkg/specgen/generate/oci.go @@ -165,7 +165,7 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt inUserNS = true } } - if inUserNS && s.NetNS.IsHost() { + if inUserNS && s.NetNS.NSMode != specgen.NoNetwork { canMountSys = false } |